On Saturday, January 22, 2022 4:20:07 PM EST Greg Wooledge wrote:
> On Sat, Jan 22, 2022 at 01:57:38PM -0500, gene heskett wrote:
> > So my resolv.conf says to search coyote.den, and failing that, use my
> > isp's nameserver [...]
>
> Again: that is NOT what the resolv.conf file does.
>
> The /etc/nsswitch.conf file *SHOULD* tell your system to use the
> /etc/hosts file first, and DNS second. At least, that's the default
> and the norm.

Maybe I'm losing it, but I don't see any such directives in this file,
copy pasted from the misbehaving machine.
======================
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files
group:          files
shadow:         files
gshadow:        files

hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
=======================
I am not all that familiar with this file, is it funkity?

> > So convince me how I can build a stable local network using dhcp that
> > still allows me to "ssh -Y rpi4" and know for 100% certainty that dhcp
> > hasn't rerouted my ssh session to tlm.coyote.den.
>
> Honestly? I would not try to convince you to do this. It's additional
> complexity that you clearly don't need, and perhaps aren't ready to
> handle.
>
> For a LAN with no DHCP and no local DNS, here's what you need:
>
> 1) Each system must configure its own IP address, netmask, and default
> route (gateway). This can be done in /etc/network/interfaces if the
> interface name is well defined.

It is well defined, but overridden at reboot because something edited the
/etc/hostname file, restoring the installer's default in the reboot process.
That name is not in the hosts file.

> If the interface name is an issue, then you'll also need to set up a
> ".link" file in /etc/systemd/network/ to assign the interface name.
>
> 2) Each system should have an /etc/hosts file which has a unique header
> per system (containing something like "127.0.1.1 tlm.coyote.den tlm"),
> and then a copy-pasted body that's the same for all systems. In that
> body, you'll specify the LAN IP addresses and the LAN hostnames of all
> your systems.
> For example,
>
> 127.0.0.1 localhost
> 192.168.1.1 router.coyote.den router
> 192.168.1.2 tlm.coyote.den tlm
> 192.168.1.3 sixty40.coyote.den sixty40
> ...
>
> Obviously I don't know your LAN IP addresses or most of your
> hostnames, so I can only guess. But this is the general form that it
> should have.
>
> 3) Systems that want to contact the Internet will also need an
> /etc/resolv.conf file, telling them where the DNS resolvers are. If
> your router is also your DNS resolver, then you would use something
> like this:
>
> search coyote.den
> nameserver 192.168.1.1
>
> The "search" line doesn't actually do much here, because all of your
> Internet queries are going to contain dots (like www.debian.org), and
> therefore the search domain isn't used. But just in case you ever try
> to hand a LAN hostname like "tlm" to a program that wants to contact
> the Internet, the search domain will turn it into
> "tlm.coyote.den" for you.

Which of course resolves to a 192.168.xx.xx number which doesn't get thru
the router without NATing first. The router of course has been reflashed
with dd-wrt.

> Systems that have no business contacting the Internet can omit this
> file. Of course, that won't stop them from contacting the Internet
> using raw IP addresses.

They all have business with the net, updating the stuff they run several
times a week.

> If one of your computers isn't working correctly, then you can
> troubleshoot it. We might even be able to help you, if you provide
> enough information.
>
> Use "ip a" to see the addresses that are assigned to your interfaces.
> Are those correct? If not, then you know there's an issue in step 1.
>
> Use "ip r" to see the routing table. Is the default route set
> correctly? If not, then again, it's a step 1 issue.

yes, my use of ip a for routing was a typo.

> Can your computer access the Internet, but not the other hosts on the
> LAN? Then it's probably a step 2 issue. Check your /etc/hosts file.
> Also check /etc/nsswitch.conf for good measure.
>
> Can your computer access the other hosts on the LAN, but not the
> Internet? Then it could be a step 3 thing (incorrect /etc/resolv.conf)
> if DNS is the issue. If DNS isn't the issue (e.g. if ping 8.8.8.8
> fails), then it could be an incorrect default route. Or it could be a
> firewall thing. I'm not covering firewalls here, but if you've got
> one, it could be set up incorrectly and cause *all* kinds of havoc.

No firewall. I do use iptables to protect my web pages on this machine
from being mirrored by every bot on the planet, but that is not in series
with the misbehaving machine, which is wired straight out of an 8 port
switch with the router doing NAT to the address you'll see in a ping report
when you ping the name in my sig.

Thanks.

Cheers, Gene Heskett.
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
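
Added example, not part of either poster's message: a Python sketch that reads the order of sources from the `hosts:` line pasted above and reports whether a name would be answered from /etc/hosts or handed on to the next source. The hosts entries are constructed from the example body in the quoted reply, and the function names are hypothetical.

```python
import re

# Constructed inputs: the hosts: line is the one pasted in the message; the
# hosts entries follow the example body from the quoted reply.
NSSWITCH = """\
hosts:          files mdns4_minimal [NOTFOUND=return] dns
"""
HOSTS = """\
127.0.0.1   localhost
127.0.1.1   tlm.coyote.den tlm
192.168.1.1 router.coyote.den router
192.168.1.3 sixty40.coyote.den sixty40  # constructed entry
"""

def hosts_order(nsswitch_text):
    """Return [(service, {STATUS: ACTION})] for the hosts database, in order."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("hosts:"):
            continue
        order = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", line[len("hosts:"):]):
            if not tok.startswith("["):
                order.append((tok, {}))
            elif order:  # a [STATUS=action] group modifies the preceding service
                order[-1][1].update(p.upper().split("=", 1) for p in tok[1:-1].split())
        return order
    return []

def parse_hosts(hosts_text):
    """Map every name and alias to its address; the first matching line wins."""
    table = {}
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def resolve_plan(name, nsswitch_text=NSSWITCH, hosts_text=HOSTS):
    """Return (service, address); address is None if the hosts file did not answer."""
    table = parse_hosts(hosts_text)
    for service, actions in hosts_order(nsswitch_text):
        if service != "files":
            return (service, None)  # this source would be asked next
        if name.lower() in table:
            return ("files", table[name.lower()])
        if actions.get("NOTFOUND") == "RETURN":
            return ("files", None)  # lookup stops here with no answer
    return (None, None)
```

With these inputs, `resolve_plan("tlm")` is answered from the hosts file, while `resolve_plan("rpi4")` falls through to the next source because no hosts entry names it.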